个人中心
gpt4 book ai didi

java - Spring Boot ServeletInitializer 和 Spring Security

转载 作者:行者123 更新时间:2023-11-30 07:01:56 30 4
gpt4 key购买 nike

我有 2 个配置文件。一种是Spring Boot应用

@SpringBootApplication
public class Application extends SpringBootServletInitializer {

    public static void main(String[] args) {
        ApplicationContext ctx = SpringApplication.run(Application.class, args);
    }

    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(Application.class);
    }
    ...
   }

还有 Spring 安全配置。看来它不工作。每当我访问 localhost:8080 时,它都会询问我的用户名和密码。我相信我在 auth.inMemoryAuthentication().withUser("user").password("password").roles("USER")

中配置了 
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter{
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
            .withUser("user").password("password").roles("USER");
    }
}

但是它显示了无效的凭据,有没有办法验证这个?

编辑:我正在尝试将此 xml 配置转换为基于 JavaConfig 但仍然无济于事。

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:context="http://www.springframework.org/schema/context"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd
           http://www.springframework.org/schema/context
    http://www.springframework.org/schema/context/spring-context.xsd">

    <context:component-scan base-package="org.app.genesis.client.auth"/>

    <http pattern="/resources/**" security="none"/>
    <http pattern="/index.jsp" security="none"/>

    <http>
        <intercept-url pattern="/api/*" requires-channel="https"/>
        <!--TODO Add RESOURCE PATTERN checker -->
        <form-login login-page="/index.jsp" default-target-url="/dashboard"/>
        <logout />
    </http>

    <!-- Test Login values -->
    <authentication-manager>
        <!--use inMemoryUserDetailsService for faux auth -->
        <authentication-provider ref="customAuthenticationProvider"/>
    </authentication-manager>
</beans:beans>

这是我的新 SecurityConfig

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    private TenantDetailsService tenantUserDetailsService;

    @Autowired
    private PasswordEncryptionService passwordEncoder;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(tenantUserDetailsService).passwordEncoder(passwordEncoder);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.formLogin().loginPage("/index.jsp").defaultSuccessUrl("/dashboard");
    }
}

安全配置.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:context="http://www.springframework.org/schema/context"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd
           http://www.springframework.org/schema/context
    http://www.springframework.org/schema/context/spring-context.xsd">

    <context:component-scan base-package="org.brightworks.genesis.client.auth"/>

    <http pattern="/resources/**" security="none"/>
    <http pattern="/index.jsp" security="none"/>

    <http>
        <intercept-url pattern="/api/*" requires-channel="https"/>
        <!--TODO Add RESOURCE PATTERN checker -->
        <form-login login-page="/index.jsp" default-target-url="/dashboard"/>
        <logout />
    </http>

    <!-- Test Login values -->
    <authentication-manager>
        <!--use inMemoryUserDetailsService for faux auth -->
        <authentication-provider ref="customAuthenticationProvider"/>
    </authentication-manager>
</beans:beans>

最佳答案

使用 auth.inMemoryAuthentication() 您只需定义一个用户及其凭据。如果你想使用它们,你必须告诉 Spring Boot 不要创建它自己的默认值。 Spring Boot 的默认值是“用户”和运行应用程序时在控制台中显示的密码。您在 application.properties 文件中设置自己的默认凭据,如下所示:

security.user.name=user
security.user.password=password
management.security.role=USER

关于java - Spring Boot ServeletInitializer 和 Spring Security,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29444310/

30 4 0
文章推荐: java - GSON 无法使用字符串空间解析 JSON
文章推荐: java - 正则表达式分配不正确
文章推荐: javascript - 为什么比较三个数组元素返回 false
文章推荐: javascript - iText7 字段事件操作不起作用
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com